MSSQL 2019 on Linux - login expiry default

Shane Muir 6 Reputation points
2022-11-08T06:11:26.4+00:00

I have an instance of MSSQL 2019 C1 for RHEL 8 running on a container using docker.

I am then creating a login on the SQL server for which I am setting the options Enforce password policy and Enforce password expiration.

From what I have been able to find in the online documentation, it seems that the password policy that is enforced is the standard 8 character minimum, including uppercase, lowercase, numerics and special characters. And that the password expiration is defaulting to 90 days. 

select   
	sl.name  
	, is_policy_checked  
	, is_expiration_checked  
	,  LOGINPROPERTY(sl.name,'DaysUntilExpiration') DaysUntilExpiration  
From sys.sql_logins SL

258104-image.png

My question is where is this 90 days coming from? All the documentation says that it comes from the domain and is set in the windows policy settings, else it comes from the local settings. I am on RHEL 8, there is no AD involved. The local user policy on both the linux server and in the container has a password expiration of 99999 days by default.

I have to assume that its set somewhere in the lower depths of the MSSQL code as a hard coded value?

Is there anyway to change this default value?

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
12,716 questions

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Seeya Xi-MSFT 16,436 Reputation points
    2022-11-09T07:07:50.31+00:00

    Hi @Shane Muir ,

    You can cancel the forced expiration with the following code. 

      USE Master  
    GO  
    ALTER LOGIN [SomeName] WITH PASSWORD = 'SomePassword'  
    GO  
    ALTER LOGIN [SomeName] WITH  
    CHECK_EXPIRATION = OFF

    I'm not very familiar with Linux, but I found this article: https://www.redhat.com/sysadmin/password-expiration-date-linux
    About 90 seems to be a requirement of your company.
    You can set the number of days the password is valid before it expires with PASS_MAX_DAYS.

    Best regards,
    Seeya

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Shane Muir 6 Reputation points
    2022-11-09T22:16:27.54+00:00

    Thanks for the input Seeya

    I should have clarified. I don't want to set the expiration off, I would very much like it on. Its more where its getting the value of 90 days from.

    The linux server is very much stand alone, and vanilla - as in its literally had docker installed and that is about it. It isn't attached to any domain that I am aware of. I have read that article you mention previously, and whilst that is the default for linux users, that doesn't seem to apply to the users in SQL, as I did play with those values, and created users and it remained at the 90 days.

  3. Randolph West 0 Reputation points Microsoft Employee
    2023-07-11T19:27:53.0066667+00:00

    90 days is hard-coded for SQL Server on Linux, if you're not using integrated authentication. We'll add this to the Security Limitations article.

    0 comments